SAP Pentest

Protect Your Systems & Applications

A company's own SAP systems are often among the most critical areas for its IT security organization. Sensitive and highly critical business processes are frequently consolidated here. Exploiting a vulnerability in such an environment can therefore have serious and sometimes substantial consequences.

SAP systems are often the backbone of a company and therefore an attractive target for cyber attacks. However, particularly critical, specific vulnerabilities are often not detected. Why? Because the pentest of SAP infrastructures differs significantly from that of any other system or application. It requires in-depth expertise and a fundamental understanding of SAP products. My colleagues and I have developed a methodology specifically tailored to this, supported by our “sncscan” tool.

Nicolas Schickert

usd Managing Security Analyst & Expert for SAP Pentests

Common vulnerabilities include: 

  • Lack of patches for published vulnerabilities in SAP software
  • Misconfiguration of user permissions, RFC connections, system parameters, and encryption settings
  • Use of outdated third-party software (e.g. for monitoring) with known vulnerabilities
  • Security vulnerabilities in self-developed ABAP reports that allow privilege escalation or compromise of the system
  • Insufficient separation between development, test and production systems

Our approach to SAP Pentests:

Our pentests follow a standardized approach, which we extend with aspects specific to SAP pentests. In an SAP pentest, our security analysts comprehensively examine your SAP systems and FIORI web applications to identify potential gateways for attackers. We differentiate between the investigation of web-based SAP systems and the testing of SAP products at system level.

 

What checks are included in SAP Pentests?

These checks are included in pentests of SAP systems:

  • Verification of standard services (SSH, SMB, NFS, management and monitoring software, etc.) as well as verification of SAP-specific services (such as Content Server, Message Server, Management Console, ICM, IGS, WebDispatcher, among others)
  • Sample authorization check of a department user for unauthorized access to administrative transactions
  • Verification of configured system parameters (including standardized SAP hardening recommendations, the configuration of ACLs, the reading of information from ICF web services, and encryption for specific SAP protocols such as DIAG)
  • Customization of available exploits (for example from Security Focus, Metasploit, PySAP or Core Impact) to exploit identified SAP-specific vulnerabilities

During pentests of FIORI web applications, we also perform the following checks:

  • Input validation and processing verification
  • Automated scanning of the web application using a state-of-the-art vulnerability scanner
  • Attack scenarios based on the combination of several identified vulnerabilities
  • Review of the authorization concept of the FIORI application, both in the web application directly and in the OData data model
  • Automated and manual analysis of the OData data model

One step further with our SNC Scan

Our in-house developed tool “SNC Scan” enables us to analyze the SAP Secure Network Communication (SNC) protocol and detect any insecure configurations.


Identify the Gateways in your SAP Environment in Time

Contact

 

Please contact us with any questions or queries.

 

Phone: +49 6102 8631-190
Email: sales@usd.de

 

Daniel Heyne
Head of Sales - Security Analysis